The main idea of this blog is share solutions or walk arounds of problems I faced.

Tuesday, August 13, 2013

Set up reverse proxy & Force https for entire server/domain

Sometime we need to disable http for the entire server/domain, then all applications regardless which web container/server it deployed on, will be only accessible via https.

To do this, we can disable http methods in Apache and use reverse proxy processing all requests to every application which is not with Apache but servlet web containers. And following content shows how to achieve this goal step by step.

The CentOS package of the Apache HTTP server includes the proxy module. To enable this module, create the/etc/httpd/conf.d/proxy.conffile with the following content.

File excerpt:/etc/httpd/conf.d/proxy.conf

<IfModulemod_proxy.c>#turning ProxyRequests on and allowing proxying from all may allow#spammers to use your proxy to send email.ProxyRequestsOff<Proxy*>AddDefaultCharsetoffOrder deny,allow
Allow from all</Proxy>
ProxyPass /app http://localhost:8080/app
ProxyPassReverse /app http://localhost:8080/app
# Enable/disable the handling of HTTP/1.1 "Via:" headers.# ("Full" adds the server version; "Block" removes all outgoing Via: headers)# Set to one of: Off | On | Full | BlockProxyViaOn</IfModule>

This turns on proxy support in the module configuration.Please notethe warning regarding theProxyRequestsdirective. It should be "off" in your configuration. Next, we'll issue the following command to restart Apache:

/etc/init.d/httpd restart

Apache should restart cleanly. If you encounter any issues, you may wish to inspect the logs available under/var/log/httpd/for more information.

HOWTO: Disable HTTP Methods in Apache

There are a minimum of four components to a mod_rewrite rule; the directive that loads the module, the directive that turns the rewrite engine on, a rewrite condition, and a rewrite rule.

Since mod_rewrite is so commonly used, the directive that loads the module will more likely than not already be present. Search your apache configuraction file(s) for mod_rewrite.so (in /etc/httpd/modules). If it is not found, add the following line to your apache configuration file (typically known as /etc/httpd/confhttpd.conf):

LoadModule rewrite_module path/to/apache/modules/mod_rewrite.so

To enable the rewrite engine and force https for entire server, add the following: